Sanity check of my config - is it secure?

António P. P. Almeida appa at
Thu May 26 23:46:50 MSD 2011

On 26 Mai 2011 20h36 WEST, nginx-forum at wrote:

> Thanks, in your opinion what's the best way to approach this? I
> basically want to ensure that our subdomain ONLY
> servers image/js/css files.
> Whilst I have set 'location' for only the folders which have images,
> etc in, I want to ensure that if someone put a script into one of
> those directories, it would not be executed.

If I understood correctly: there's no need to worry then. If there's
no embedded interpreter (Perl/Lua) or a fastcgi backend configured on
that vhost. There's no way that someone will be able to run a script
from the web there.

--- appa

More information about the nginx mailing list